J4x

.coderabbit.yaml

@@ -0,0 +1,74 @@
+language: "en"
+
+early_access: false
+
+reviews:
+  request_changes_workflow: true
+  high_level_summary: true
+  poem: false
+  review_status: true
+  collapse_walkthrough: false
+  path_filters:
+    # Exclude XML files for manifest and configuration
+    - "!**/*.xml"
+    # Exclude language files (translations)
+    - "!**/language/**/*.ini"
+    # Exclude asset files that don’t need review
+    - "!**/*.svg"
+    - "!**/*.png"
+    - "!**/*.jpg"
+    - "!**/*.jpeg"
+    - "!**/*.gif"
+    - "!**/*.ico"
+    # Exclude compiled and minified files
+    - "!**/*.min.js"
+    - "!**/*.min.css"
+    # Exclude SCSS files if they are intermediate and do not need review
+    - "!**/templates/**/*.scss"
+    # Exclude libraries and vendor code (third-party dependencies)
+    - "!**/node_modules/**"
+    - "!**/vendor/**"
+    # Exclude build files
+    - "!**/build/**"
+    # Exclude configuration files that are environment-specific
+    - "!**/configuration.php"
+  path_instructions:
+      # JavaScript files: front-end interactivity and functionality
+    - path: "**/*.js"
+      instructions: |
+        "Review JavaScript code to ensure:
+        - Adherence to Google JavaScript style guide.
+        - Efficient DOM manipulation suitable for Joomla’s frontend.
+        - Use of Joomla’s core JavaScript libraries where applicable (e.g., jQuery compatibility).
+        - Best practices for asynchronous requests if AJAX is used."
+    - path: "**/*.php"
+      instructions: |
+        "Review the PHP code for Joomla coding standards compliance, ensuring:
+        - Code follows Joomla's coding standards, validated using PHPCS with the Joomla standard.
+        - Adherence to Joomla’s MVC structure for extensions.
+        - Proper use of Joomla’s built-in functions (e.g., Input, Factory).
+        - SQL queries use Joomla’s database API to prevent SQL injection.
+        - Code is well-documented, with clear function and class descriptions."
+    - path: "**/*.ts"
+      instructions: |
+        "Review the JavaScript code for conformity with the Google JavaScript style guide, highlighting any deviations. Ensure that:
+        - The code adheres to best practices associated with nodejs.
+        - The code adheres to best practices associated with nestjs framework.
+        - The code adheres to best practices recommended for performance.
+        - The code adheres to similar naming conventions for controllers, models, services, methods, variables."
+  auto_review:
+    enabled: true
+    ignore_title_keywords:
+      - "WIP"
+      - "DO NOT MERGE"
+    drafts: false
+    base_branches:
+    - "master"
+    - "dev"
+    - "j4x"
+    - "feat/*"
+    - "feat-*"
+    - "release-*"
+
+chat:
+  auto_reply: true

changelog.md

@@ -0,0 +1,17 @@
+# Changelog
+
+#### Legend
+
+- Bug Fix (-)
+- Feature Addition (+) 
+
+### com_api v4.0.0
+
+##### - Bug fixes:
+- #194540 - API Rate Limit Exceeded,403 - Issue #122
+- Drop support to accept token as 'Key' parameter from GET/POST request - Tokens should not be accepted via request variables 
+
+
+##### + Features Added:
+- #175851 - Joomla 4 & PHP 8.0 compatible
+- #194541 - Added IP based restrictions to access the APIs, Issue #63

code/admin/assets/css/api.css

@@ -12,3 +12,21 @@
 	background-image: url(../images/l_logs.png);
 	padding-left:60px!important;
 }
+.api-filter {
+    display: -webkit-box;
+    display: -ms-flexbox;
+    display: flex;
+    -ms-flex-wrap: wrap;
+    flex-wrap: wrap;
+}
+.js-stools-container-bar-api-filter {
+    -webkit-margin-start: auto;
+    margin-inline-start: auto;
+}
+.js-stools-container-bar-api-filter .btn-toolbar>*+* {
+    -webkit-margin-start: 8px;
+    margin-inline-start: 8px;
+}
+.js-stools-container-bar-api-filter .btn-toolbar>* {
+    margin: 5px;
+}

code/admin/config.xml

@@ -3,13 +3,20 @@
 	<fieldset label="COM_API" name="api">
 		<field name="force_output" type="text" label="COM_API_FORM_LBL_FORCE_OUTPUT"
 			description="COM_API_FORM_DESC_FORCE_OUTPUT" />
+		<field name="request_limit_time" type="radio" default="hour"
+			label="COM_API_CONFIG_REQ_LT_LBL" description="COM_API_CONFIG_REQ_LT_DESC"
+			class="btn-group">
+			<option value="hour">COM_API_CONFIG_RLT_HOUR</option>
+			<option value="minute">COM_API_CONFIG_RLT_MINUTE</option>
+			<option value="day">COM_API_CONFIG_RLT_DAY</option>
+		</field>
 		<field name="request_limit" type="text" label="COM_API_FORM_LBL_RATE_LIMIT"
 			description="COM_API_FORM_LBL_RATE_LIMIT_DESC" />
 		<field name="log_requests" type="radio" default="0"
 			label="COM_API_CONFIG_LOG_LBL" description="COM_API_CONFIG_LOG_DESC"
 			class="btn-group">
-			<option value="0">No</option>
-			<option value="1">Yes</option>
+			<option value="0">JNO</option>
+			<option value="1">JYES</option>
 		</field>
 		<field name="exclude_log" type="text" default="password,pass,passwd,pwd,key"
 			label="COM_API_EXCLD_WORDS" description="COM_API_EXCLD_WORDS_DESC" />
@@ -19,10 +26,12 @@
 		<field name="allow_cors" type="radio" default="0"
 			label="COM_API_CONFIG_ALLOW_CORS_LBL" description="COM_API_CONFIG_ALLOW_CORS_DESC"
 			class="btn-group">
-			<option value="0">No</option>
-			<option value="get">GET</option>
-			<option value="*">ALL</option>
+			<option value="0">JNO</option>
+			<option value="get">COM_API_CONFIG_GET_CORS</option>
+			<option value="*">JALL</option>
 		</field>
+        <field name="ip_address" type="textarea" columns="5"
+            label="COM_API_CONFIG_IPS_LBL" description="COM_API_CONFIG_IPS_DESC" />
         <field name="cors" type="textarea" default="*" columns="5"
             label="COM_API_CONFIG_CORS_LBL" description="COM_API_CONFIG_CORS_DESC" />
         <field name="allow_headers" type="textarea" default="Authorization, Access-Control-Allow-Origin, Access-Control-Allow-Methods, X-Authorization, X-Compatibility-Mode, Content-Type, Accept" columns="5"

code/admin/controllers/keys.php

@@ -12,6 +12,7 @@
 use Joomla\CMS\MVC\Controller\AdminController;
 use Joomla\CMS\MVC\Model\BaseDatabaseModel;
 use Joomla\CMS\Factory;
+use Joomla\Utilities\ArrayHelper;
 
 /**
  * Keys list controller class.
@@ -30,7 +31,7 @@ class ApiControllerKeys extends AdminController
 	 *
 	 * @since   3.0
 	 */
-	public function getModel($name = 'key', $prefix = 'ApiModel')
+	public function getModel($name = 'key', $prefix = 'ApiModel', $config = array())
 	{
 		$model = parent::getModel($name, $prefix, array('ignore_request' => true));
 
@@ -52,8 +53,8 @@ public function saveOrderAjax()
 		$order = $input->post->get('order', array(), 'array');
 
 		// Sanitize the input
-		JArrayHelper::toInteger($pks);
-		JArrayHelper::toInteger($order);
+		ArrayHelper::toInteger($pks);
+		ArrayHelper::toInteger($order);
 
 		// Get the model
 		$model = $this->getModel();

code/admin/helpers/api.php

@@ -8,9 +8,9 @@
 
 // No direct access.
 defined('_JEXEC') or die();
+use Joomla\CMS\HTML\HTMLHelper;
 
 use Joomla\CMS\Language\Text;
-use Joomla\CMS\HTML\HTMLHelper;
 use Joomla\CMS\Object\CMSObject;
 use Joomla\CMS\Factory;
 

code/admin/language/en-GB/en-GB.com_api.ini

@@ -86,7 +86,7 @@ COM_API_CONFIG_ALLOW_CORS_LBL="Allow Cross Origin Requests"
 COM_API_CONFIG_ALLOW_CORS_DESC="This configuration enables CORS support. Choose if you wish to enable CORS for only GET method or for all methods."
 COM_API_CONFIG_CORS_LBL="CORS URLs / Domains"
 COM_API_CONFIG_CORS_DESC="List of URLs for which to allow CORS requests. Put an asterisk (*) to allow CORS requests from all domains. Alternately put a comma separated list of URL's. Ex. https://techjoomla.com, http://example.com"
-COM_API_FORM_LBL_RATE_LIMIT="Hourly Rate Limit for Requests"
+COM_API_FORM_LBL_RATE_LIMIT="Rate Limit for Requests"
 COM_API_FORM_LBL_RATE_LIMIT_DESC="Put a number if you want to limit the number of requests made by a token in an hour to the configured value. An empty or 0 value allows unlimited requests"
 COM_API_EXCLD_WORDS="Exclude request variables from log"
 COM_API_EXCLD_WORDS_DESC="A comma separated list of request variables that will be redacted before being added to the API Request log"
@@ -97,6 +97,15 @@ COM_API_CONFIG_ALLOW_HEADER_DESC="Add comma separated values for Access-Control-
 COM_API_FILTER_DESC="Searches in User name, hash, Request URL, POST Data. <br />uid:number searches logs for a particular user"
 UNASSIGNED_HASH="No user for this API Key"
 
+COM_API_CONFIG_IPS_DESC="List of IPs for which to allow API access. Put an asterisk (*) to allow API access from all IPs. Alternately put a comma separated list of IPs Ex. 192.168.1.1, 192.168.1.10 or IP Range Ex. 192.168.1.1-192.168.1.10 or CIDR Block Ex. 192.168.1.1/24"
+COM_API_CONFIG_IPS_LBL="IP Address/IP Range/CIDR Block"
+COM_API_CONFIG_REQ_LT_LBL="Rate Frequency"
+COM_API_CONFIG_REQ_LT_DESC="Request limit frequency"
+COM_API_CONFIG_RLT_HOUR="Hour"
+COM_API_CONFIG_RLT_MINUTE="Minute"
+COM_API_CONFIG_RLT_DAY="Day"
+COM_API_CONFIG_GET_CORS="Get"
+
 ; Permissions
 JACTION_MANAGELOGS="Manage Logs"
 JACTION_MANAGELOGS_DESC="Allows users in this group to manage API logs."

code/admin/language/en-GB/en-GB.com_api.sys.ini

@@ -9,6 +9,7 @@ COM_API_XML_DESCRIPTION="Multi"
 COM_API_TEST_LABEL="Test label"
 
 COM_API_TITLE_KEYS="API Keys"
+COM_API_TITLE_LOGS="Request Logs"
 
 COM_API_SHOW_TABLES_SQL_STATEMENT="SHOW FULL TABLES WHERE tables_in_%s LIKE %s"
 

code/admin/models/fields/createdby.php

@@ -7,7 +7,6 @@
  */
 
 defined('JPATH_BASE') or die();
-
 use Joomla\CMS\Form\FormField;
 use Joomla\CMS\Factory;
 

code/admin/tables/log.php

@@ -14,6 +14,7 @@
 use Joomla\CMS\Factory;
 use Joomla\Registry\Registry;
 use Joomla\CMS\Access\Access;
+use Joomla\Utilities\ArrayHelper;
 
 /**
  * Log Table class
@@ -138,7 +139,7 @@ public function store($updateNulls = false)
 	{
 		if (is_array($this->post_data))
 		{
-			$this->post_data = JArrayHelper::toString($this->post_data, '=', '&');
+			$this->post_data = ArrayHelper::toString($this->post_data, '=', '&');
 		}
 
 		return parent::store($updateNulls = false);

code/admin/views/cpanel/view.html.php

@@ -7,9 +7,9 @@
  */
 
 defined('_JEXEC') or die();
-
-use Joomla\CMS\MVC\View\HtmlView;
+
 use Joomla\CMS\Language\Text;
+use Joomla\CMS\Toolbar\ToolbarHelper;
 
 /**
  * Cpanel class
@@ -54,7 +54,7 @@ public function display($tpl = null)
 	 */
 	private function generateToolbar()
 	{
-		JToolBarHelper::title(Text::_('COM_API') . ': ' . Text::_('COM_API_CONTROL_PANEL'));
-		JToolBarHelper::preferences('com_api', 500, 500);
+		ToolbarHelper::title(Text::_('COM_API') . ': ' . Text::_('COM_API_CONTROL_PANEL'));
+		ToolbarHelper::preferences('com_api', 500, 500);
 	}
 }

code/admin/views/key/tmpl/edit.php

@@ -28,36 +28,36 @@
 HTMLHelper::_('behavior.keepalive');
 
 // Import CSS
-$document = Factory::getDocument();
-$document->addStyleSheet('components/com_api/assets/css/api.css');
-?>
+HTMLHelper::_('stylesheet','components/com_api/assets/css/api.css');
 
-<script type="text/javascript">
-	js = jQuery.noConflict();
-	js(document).ready(function()
-	{
-
-	});
-
-	Joomla.submitbutton = function(task)
-	{
-		if (task == 'key.cancel')
+Factory::getDocument()->addScriptDeclaration(
+	"
+		js = jQuery.noConflict();
+		js(document).ready(function()
 		{
-			Joomla.submitform(task, document.getElementById('key-form'));
-		}
-		else
+
+		});
+
+		Joomla.submitbutton = function(task)
 		{
-			if (task != 'key.cancel' && document.formvalidator.isValid(document.getElementById('key-form')))
+			if (task == 'key.cancel')
 			{
 				Joomla.submitform(task, document.getElementById('key-form'));
 			}
 			else
 			{
-				alert('<?php echo $this->escape(Text::_('JGLOBAL_VALIDATION_FORM_FAILED')); ?>');
+				if (task != 'key.cancel' && document.formvalidator.isValid(document.getElementById('key-form')))
+				{
+					Joomla.submitform(task, document.getElementById('key-form'));
+				}
+				else
+				{
+					alert('".$this->escape(Text::_('JGLOBAL_VALIDATION_FORM_FAILED'))."');
+				}
 			}
 		}
-	}
-</script>
+		");
+	?>
 
 <div class="<?php echo COM_APIS_WRAPPER_CLASS; ?> api-key">
 	<form action="<?php echo Route::_('index.php?option=com_api&layout=edit&id=' . (int) $this->item->id); ?>" method="post" enctype="multipart/form-data" name="adminForm" id="key-form" class="form-validate">

code/admin/views/key/view.html.php

@@ -14,6 +14,8 @@
 use Joomla\CMS\Form\Form;
 use Joomla\CMS\Factory;
 use Joomla\CMS\Language\Text;
+use Joomla\CMS\Toolbar\ToolbarHelper;
+
 
 /**
  * View class key form.
@@ -95,11 +97,11 @@ protected function addToolbar()
 
 		if (JVERSION >= '3.0')
 		{
-			JToolBarHelper::title($viewTitle, 'pencil-2');
+			ToolBarHelper::title($viewTitle, 'pencil-2');
 		}
 		else
 		{
-			JToolBarHelper::title($viewTitle, 'key.png');
+			ToolBarHelper::title($viewTitle, 'key.png');
 		}
 
 		if (isset($this->item->checked_out))
@@ -116,28 +118,28 @@ protected function addToolbar()
 		// If not checked out, can save the item.
 		if (! $checkedOut && ($canDo->get('core.edit') || ($canDo->get('core.create'))))
 		{
-			JToolBarHelper::apply('key.apply', 'JTOOLBAR_APPLY');
-			JToolBarHelper::save('key.save', 'JTOOLBAR_SAVE');
+			ToolBarHelper::apply('key.apply', 'JTOOLBAR_APPLY');
+			ToolBarHelper::save('key.save', 'JTOOLBAR_SAVE');
 		}
 
 		if (! $checkedOut && ($canDo->get('core.create')))
 		{
-			JToolBarHelper::custom('key.save2new', 'save-new.png', 'save-new_f2.png', 'JTOOLBAR_SAVE_AND_NEW', false);
+			ToolBarHelper::custom('key.save2new', 'save-new.png', 'save-new_f2.png', 'JTOOLBAR_SAVE_AND_NEW', false);
 		}
 
 		// If an existing item, can save to a copy.
 		if (! $isNew && $canDo->get('core.create'))
 		{
-			JToolBarHelper::custom('key.save2copy', 'save-copy.png', 'save-copy_f2.png', 'JTOOLBAR_SAVE_AS_COPY', false);
+			ToolBarHelper::custom('key.save2copy', 'save-copy.png', 'save-copy_f2.png', 'JTOOLBAR_SAVE_AS_COPY', false);
 		}
 
 		if (empty($this->item->id))
 		{
-			JToolBarHelper::cancel('key.cancel', 'JTOOLBAR_CANCEL');
+			ToolBarHelper::cancel('key.cancel', 'JTOOLBAR_CANCEL');
 		}
 		else
 		{
-			JToolBarHelper::cancel('key.cancel', 'JTOOLBAR_CLOSE');
+			ToolBarHelper::cancel('key.cancel', 'JTOOLBAR_CLOSE');
 		}
 	}
 }